The CONSOLE framework is undergoing its first integration with the partners' solutions.
The CONSOLE project has entered its second year, and with it, we now have a working prototype of the framework. The project includes a web interface enabling users to manage projects and organizations and submit code for automated analysis.
Seventeen code analysis tools, comprising both open-source and proprietary solutions, have been integrated into the CONSOLE framework. These tools provide insights into various security issues, including buffer overflows, SQL injection vulnerabilities, and outdated libraries. A modern dashboard allows users to manage and visualize these security insights, with customizable options to tailor the display to their preferences. Additionally, users can enhance their secure coding skills by enrolling in courses on the CONSOLE training platform.
The CONSOLE backend is powered by a code analysis module that orchestrates multiple security tools to analyze code and generate security insights. Each tool runs in its own Docker container, ensuring privacy and scalability. Most of these tools (13 out of 17) operate entirely offline. By running them in isolated containers without internet access, CONSOLE guarantees that the analyzed code remains confidential. The framework supports popular programming languages and technologies, including Node.js, C/C++, and Java, with multiple tools providing diverse perspectives for identifying vulnerabilities.
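One way to express that isolation when launching a tool, as an added example rather than CONSOLE's own code: the tool names, image names and the `needs_network` flag are hypothetical, and the Docker flags other than `--network none` are extra hardening the page does not mention. It builds the `docker run` command line without executing it and holds back network-dependent tools until the caller opts in.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass(frozen=True)
class Tool:
    name: str            # hypothetical tool identifier
    image: str           # hypothetical container image reference
    needs_network: bool  # True only for tools that cannot work offline


def docker_argv(tool: Tool, source_dir: str, allow_online: bool = False) -> list:
    """Build the `docker run` argv for one analysis tool (nothing is executed)."""
    src = PurePosixPath(source_dir)
    if not src.is_absolute():
        raise ValueError("source_dir must be an absolute path")
    if tool.needs_network and not allow_online:
        # Code sent to an online tool can leave the host: require an explicit opt-in.
        raise PermissionError(f"{tool.name} needs network access")
    argv = [
        "docker", "run", "--rm",
        "--read-only", "--tmpfs", "/tmp",       # tool cannot modify its own image
        "--cap-drop", "ALL",
        "--security-opt", "no-new-privileges",
        "--volume", f"{src}:/src:ro",           # analyzed code is mounted read-only
    ]
    if not tool.needs_network:
        argv += ["--network", "none"]           # loopback only, no route off the host
    argv.append(tool.image)
    return argv


def plan(tools, source_dir: str, allow_online: bool = False):
    """Return (argv per runnable tool, names of tools held back for needing network)."""
    runs, skipped = {}, []
    for tool in tools:
        try:
            runs[tool.name] = docker_argv(tool, source_dir, allow_online)
        except PermissionError:
            skipped.append(tool.name)
    return runs, skipped


# Constructed sample inventory: one offline tool, one that needs network access.
SAMPLE_TOOLS = [
    Tool("offline-sast", "example.invalid/offline-sast:1", needs_network=False),
    Tool("online-deps", "example.invalid/online-deps:1", needs_network=True),
]
```
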
The front end allows authorized users to define and match new projects with compatible analysis tools. Currently, users can upload code directly for analysis. In the future, CONSOLE will integrate with GitHub, automatically initiating the analysis process whenever new code is pushed to monitored branches. The analysis results are presented as security clues, highlighting potential code issues. Each security clue typically includes a detailed description, the location of the problem in the source code (if applicable), and recommendations for remediation. All clues are assigned a severity level, helping developers prioritize their efforts. The dashboard facilitates clue management with features for filtering, sorting, and visualizing timelines, offering users a comprehensive and customizable way to track and address security concerns.
The project pilots tested the framework and provided valuable feedback. While there is still work to be done, we are confident that the framework will evolve by the end of the roadmap into a mature product that empowers developers to write more secure code.